1. Technical Field
This invention relates generally to smart card technology.
2. Related Art
A smart card resembles a credit card in size and shape. (See ISO 7810). The inside of a smart card usually contains an embedded 8-bit microprocessor. The microprocessor is under a gold contact pad on one side of the card. Smarts cards may typically have 1 kilobyte of RAM, 24 kilobytes of ROM, 16 kilobytes of programmable ROM, and an 8-bit microprocessor running at 5 MHz. The smart card uses a serial interface and receives its power from external sources like a card reader. The processor uses a limited instruction set for applications such as cryptography. The most common smart card applications are:                Credit cards        Electronic cash        Computer security systems        Wireless communication        Loyalty systems (like frequent flyer points)        Banking        Satellite TV        Government identification        
Smart cards can be used with a smart-card reader attachment to a personal computer to authenticate a user. (However, these readers are relatively costly, and have not been well accepted by users.) Web browsers also can use smart card technology to supplement Secure Sockets Layer (SSL) for improved security of Internet transactions. The American Express Online Wallet shows how online purchases work using a smart card and a PC equipped with a smart-card reader. Smart-card readers can also be found in vending machines.
There are three basic types of smart cards: contact chip, contactless and dual interface (DI) cards.
A contact smart card (or contact chip card) is a plastic card about the size of a credit card that has an embedded integrated circuit (IC) chip to store data. This data is associated with either value or information or both and is stored and processed within the card's chip, either a memory or microprocessor device.
The predominant contact smart cards in consumer use are telephone cards as a stored value tool for pay phones and bank cards for electronic cash payments. Contact smart cards require the placement of the card in a terminal or automatic teller machine for authentication and data transaction. By inserting the contact smart card into the terminal, mechanical and electrical contact is made with the embedded chip module.
Contactless smart cards have an embedded antenna connected to a microchip, enabling the card to pick up and respond to radio waves. The energy required for the smart card to manipulate and transmit data is derived from the electromagnetic field generated by a reader. Contactless smart cards do not require direct contact with the reader because they employ the passive transponder technology of Radio Frequency Identification (RFID). By just waving the card near the reader, secure identification, electronic payment transaction and authentication are completed in milliseconds.
Contactless chip card technology is based on two standards: ISO/IEC 14443 Type A and Type B (for proximity cards), and ISO/IEC 15693 (for vicinity cards). Cards that comply with these standards operate at the 13.56 MHz frequency. ISO/IEC 14443 products have a range of up to 10 cm (centimeters), while ISO/IEC 15693 products can operate at a range between 50 and 70 cm.
Dual interface (DI) cards, sometimes called combination chip cards, are microprocessor multi-function cards that incorporate both the functions of a contact chip card and a contactless card. Within the smart card is a microprocessor or micro-controller chip with radio frequency identification (RFID) capability that manages the memory allocation and file access. The on-board memory is shared and can be accessed either in contact or contactless mode.
This type of chip is similar to those found inside all personal computers and when implanted in a smart card, manages data in organised file structures, via a card operating system. This capability permits different and multiple functions and/or different applications to reside on the card.
A dual interface (DI) card is ideal for single and multi-application markets ranging from micro-payment (convenient alternative to low value cash transaction) to e-commerce and from ticketing in mass transit to secure identification for cross border control. Originally, such cards were intended to be used in conjunction with a reader connected to a PC for downloading tickets, tokens, or electronic money via the contact interface and used in contactless mode in the application for physical access or proximity payment.
Passive radio frequency identification (RFID) devices derive their energy from the electromagnetic field radiated from the reader. Because of international power transmission restrictions at the frequencies of 125 KHz and 13.56 MHz, the contactless integrated circuits are generally low voltage and low power devices. Read/Write circuits use low voltage EEPROM and low power analogue cells. The read/write memory capacity in transponders, contact smart cards, contactless memory based smart cards, dual interface smart cards (contact & contactless) and multi-interface micro-controllers is generally limited to approximately 64 kilobytes.
The dual interface (DI) smart cards typically have an 8, 16 or 32 bit microprocessor controller, operate at a low voltage of 1.8V–5V and run at an internal frequency of 5 or 15 MHz. The open platform architecture includes memory management, non volatile memory, contactless interfaces and security features such as Advanced Crypto Engine (ACE) 1100 bit, triple DES encryption and RSA.
High performance crypto controllers with multiple interfaces such as USB, ISO 14443 Type A, B, Felica have been developed for multi-functional smart cards in applications such as security access, healthcare, electronic purse, banking etc.
The main focus of the smart card industry has been on secure card applications, where large memory capacity is not of paramount importance, and/or where pertinent information and application software is stored at a centralised server location.
Another market area that has been evolving in recent years is memory, particularly for computing devices which are capable of interacting with large amounts of data and implementing sophisticated functionality, such as laptops, cameras, mobile phones, PDAs, MP3 players, and the like.
The main focus of the flash drive industry is on high density memory (using NAND flash memory cells) and current USB key chain products from the market leaders incorporate an 8-Gigabyte flash memory chip, managed by a 32 bit micro-controller.
These large capacity, personal, portable storage devices are for decentralised applications to transport confidential business documents, multimedia files, photos, music files, address book, favorite web sites, games, etc.
Apart from using USB tokens for file storage, they are also used for desktop settings, screen lock, network login & access control, log book, user authentication (storing digital signatures, certificates, key sets, finger-based biometric templates, usernames and passwords), digital content and transaction security as well as enterprise and Internet security.
A USB token can also be used to download emails, remotely access a PC or to open a customised browser that allows the user to surf the Web with total privacy.
Recent developments in USB flash memory drives have resulted in CDROM-like auto-run devices that automatically execute a file when the USB token is inserted into a PC. The read-only and auto-run contents are installed during the manufacturing process. Examples of auto-run contents include opening a website, running a demo application, showing a presentation, making a product pitch, providing customers with discount coupons etc.
Related Patents and/or Publications
U.S. Patent Publication No. 2003/0028797 discloses integrated USB connector for personal token. A personal key having an inexpensive and robust integrated USB connector is disclosed. The apparatus comprises a circuit board having a processor and a plurality of conductive traces communicatively coupling the processor to a peripheral portion of the circuit board. The plurality of conductive traces includes, for example, a power trace, a ground trace, and at least two signal traces. The apparatus also comprises a first housing, having an aperture configured to accept the periphery of the circuit board therethrough, thereby presenting the plurality of conductive traces exterior to the aperture. The apparatus also comprises a shell, surrounding the plurality of conductive traces, the shell including at least one locking member interfacing with the first housing.
U.S. Patent Publication No. 2002/0011516 discloses smart card virtual hub. A smart card virtual hub combines a ISO7816 compliant smart card reader interface with a USB hub that provides one or more attachment points for connection of devices to the USB bus, thereby interfacing such devices to the host computer. The hub in the presently preferred embodiment of the invention provides one port to which one USB functional device, such as a keyboard, may be attached. The attached keyboard shares a common USB bus bandwidth with the internal embedded smart card reader through a host-scheduled, token-based communication protocol that is handled by the USB driver and the device driver.
U.S. Patent Publication No. 2003/0102380 discloses a memory card and a method for operating a memory card, the memory card comprising: a memory mass storage; a first data interface with a contacting interface and a high data transfer rate; a second data interface with a contact-less interface. In a preferred embodiment, a memory card controller is included for selecting a first data line from said first data interface or a second data line from said second data interface to communicate with said memory mass storage based on a criteria.
U.S. Patent Publication No. 2003/0087601 discloses an apparatus, system and method for communicating between a personal device and a host computer. The apparatus comprises means for wireless communication, for enabling communication with a personal device (which also comprises means for wireless communication) and means for wired communication for enabling communication with the host computer (which also comprises means for wired communication). A controller installed within the apparatus, controls the data transfer between the wireless and wired communication interfaces of the apparatus. The controller may perform additional computing operations, such as security related operations (e.g. digitally signing a document, ciphering, and so forth). The apparatus may further comprise a smartcard chip, for securely storing information, and also for performing the additional computing operations. Implementations of the invention can be carried out in order to functionally connect a personal device, such as PDA, mobile phone, and so forth, to a host computer, or with an application executed on the host computer. The apparatus may be used to for security implementations, e.g. provision of PINs, keys, passwords, digitally signing of documents, and so forth. The personal device may also be used as input means for the apparatus, thereby enabling a large number of implementations, including applications with relevancy to cellular telephony. WIPO Publication No. WO 01/96990 discloses USB-Compliant Personal Key Using a Smartcard Processor and a Smartcard Reader Emulator. A compact, self-contained, personal key is disclosed. The personal key comprises a USB-compliant interface releaseably coupleable to a host processing device operating under command of an operating system; a smartcard processor having a smartcard processor-compliant interface of communicating according to a smartcard input and output protocol; and an interface processor, communicatively coupled to the USB-compliant interface and to the smartcard processor-compliant interface, the interface processor implementing a translation module for interpreting USB-compliant messages into smartcard processor-compliant messages and for interpreting smartcard processor-compliant messages into USB-compliant messages.
WIPO Publication No. WO 00/42491 discloses USB-Compliant Personal Key with Integral Input and Output Devices. A compact, self-contained, personal key is disclosed. The personal key comprises a USB-compliant interface (206) releasably coupleable to a host processing device (102); a memory (214); and a processor (212). The processor (212) provides the host processing device (102) conditional access to data storable in the memory (214) as well as the functionality required to manage files stored in the personal key and for performing computations based on the data in the files. In one embodiment, the personal key also comprises an integral user input device (218) and an integral user output device (222). The input and output devices (218, 222) communicate with the processor (212) by communication paths (220, 222) which are independent from the USB-compliant interface (206), and thus allow the user to communicate with the processor (212) without manifesting any private information external to the personal key.
WIPO Publication No. WO 01/39102 discloses PORTABLE READER FOR SMART CARDS. A portable reader (1) for smart cards (7) is described that comprises: a support body (3) containing at least one slot (5) for inserting and reading a smart card (7); interface means (9) connected to the support body (3); interface means (9) connected to the support body (3); means (13) for keeping and aligning the smart card (7); and a managing microprocessor contained inside the support body (3) and connected to the interface means (9) and the reading means for smart cards (7).
U.S. Pat. No. 5,761,648 discloses interactive marketing network and process using electronic certificates. A data processing system issuing electronic certificates through “online” networks of personal computers, televisions, or other devices with video monitors or telephones. Each electronic certificate includes transaction data and identification data, and can be printed out on a printing device linked to a consumer's personal input device, or electronically stored in a designated data base until a specified expiration date. The certificate can be used for various purposes, including use as a coupon for a discounted price on a product or service, proof of a gift or award, proof of reservation, or proof of payment. Consumers access the data processing system online, browse among their choices, and make their selections. The data processing system provides reports on the selected certificates and their use following selection. Certificate issuers also have online access to the data processing system and can create or revise offers, and provide various instructions pertaining to the certificates, including limitations as to the number of certificates to be issued in total and to each individual consumer. (see also www.coolsavings.com)
U.S. Pat. No. 6,694,399 discloses method and device for universal serial bus smart card traffic signalling. A method and device are disclosed for detecting successful transfers between a Universal Serial Bus (USB) port and a USB smart card and generating a signal that provides an indication of the USB transaction activity. This USB transaction activity signal is modulated according to the USB transaction activity and drives a Light Emitting Diode (LED) in a preferred embodiment of the invention. A counter internal to the USB smart card scales the transaction activity signal such that it is perceptible to the user. Because the current through the LED depends upon the USB transaction activity, the brightness of the LED varies according to the USB transaction activity. The LED may be driven from a current mirror sink or source, or a current switch sink or source.